Jamf Nation Community

dstranathan · ‎12-05-2016

Has anyone else seen OS X Server’s SUS server re-enable a software update after it was explicitly removed/disabled by the admin?

I'm seeing a situation in which both Safari 10.0 and 10.0.1 are both getting downloaded and enabled - against my will! I'm runnning my SUS 5.2 on OS X 10.11.6.

It's a pain because I have a couple intranet services that don't work with Safari 10 yet (ADFS, ServiceNow etc).

My end user’s Macs are magically getting Safari 10.x from my SUS. Every time I check the SUS Safari 10 is downloaded and enabled again. Doh!

I have seen Apple's SUS do weird things in the past - but not this.

NowAllTheTime · ‎12-06-2016

I've seen this with ours. With Apple sunsetting SUS anyway, we decided to just start ignoring updates via a policy that runs a script like this:

#!/bin/bash

# Reset existing ignored updates in the softwareupdate service

sudo softwareupdate --reset-ignored

# Set software updates in the array "updatesToIgnore" to be ignored by the softwareupdate service

updatesToIgnore=( Safari10.0ElCapitan Safari10.0Yosemite )

for badUpdate in "${updatesToIgnore[@]}"
do
    sudo softwareupdate --ignore "$badUpdate"
done

Jamf Nation Community

Apple SUS server 5.2: Re-enabling & Re-activating Updates?